Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firebase authentication for private server

Tags:

flutter

firebase-authentication

lumen

I am developoing a flutter app and want to use Firebase auth service to enable my users to signup/login using:

  • email/pass
  • google
  • facebook

I have a lumen backend REST server with MySQL database.

Problem: Going through loads of firebase documentation I cannot understand the whole flow of how this should work.

I can successfully create users using the app and they appear in the firebase console, however, I don't know how to enable them to securely talk to my backend server.

I would expect Firebase to release an access and refresh tokens for me to use for my private communication between the app and backend, like AWS cognito does. Instead, it issues an "ID Token" that is JWT token and should be verified on backend. But what do I do once it is verified?

How do I link my users in my database to the authenticated user? What is the thing to store in the database to map to the authenticated user?

Do I have to generate custom tokens via the Admin SDK?

Or is the ID Token the thing that should be passed from client to backend on each request and then verified? But still, what do I put from this ID token to my database to link the authenticated user with their data?

like image 667
Mantoska Avatar asked Sep 09 '18 11:09

Mantoska

People also ask

Can I use Firebase for authentication only?

You can use Firebase Authentication to allow users to sign in to your app using one or more sign-in methods, including email address and password sign-in, and federated identity providers such as Google Sign-in and Facebook Login.

How to do authentication in Firebase?

How does it work? To sign a user into your app, you first get authentication credentials from the user. These credentials can be the user's email address and password, or an OAuth token from a federated identity provider. Then, you pass these credentials to the Firebase Authentication SDK.

Is Firebase free for personal use?

Firebase offers a no-cost tier pricing plan for all its products. For some products, usage continues at no cost no matter your level of use. For other products, if you need high levels of use, you'll need to switch your project to a paid-tier pricing plan.

Does Firebase Auth work offline?

By enabling persistence, any data that the Firebase Realtime Database client would sync while online persists to disk and is available offline, even when the user or operating system restarts the app. This means your app works as it would online by using the local data stored in the cache.

1 Answers

Here's how I do it now. It works great.

  1. Install Firebase admin sdk on your backend server, if you are using php, here is what I've followed and worked flawlessly: PHP Firebase Admin sdk
  2. Aquire firebase idToken using firebase SDK in your client (app), I've used Firebase auth package for this.
  3. Send idToken to your backend
  4. Use Admin SDK to verify the idToken, if verification is successful it returns a Firebase user object. And you can perform various management actions on it (modify, delete, get different data etc.).
  5. Get uid from the Firebase user object.
  6. Store uid in your database.
  7. Now each time this authenticated user makes a request to your backend server, you attach the idToken to the header of the request.
  8. Each time you verify (see step 4) the idToken on your backend server and if the verification is successful you extract the uid to know which user to query in your database.

Any comments/improvements on this are welcome :)

like image 97
Mantoska Avatar answered Sep 17 '22 11:09

Mantoska
Sign in to Comment

Related questions

javascript firebase.auth().signInWithEmailAndPassword not be able to get success event
Firebase Phone Auth won't send me the sms with my code
How to get currently logged in auth state/user from angularfire2
Firebase auth internal error "SignUp are blocked" on web
How to properly sign out of Facebook on Android with Firebase?
Firebase crashes on Android during anonymous login
This is a most likely a transient condition and may be corrected by retrying with a backoff
Is there a way to specify a default configuration set on Amazon SES?
Unity/Firebase How to authenticate using Google?
Reloading current user doesn't refresh emailVerified state in Firebase Authentication
E/FirebaseInstanceId: Failed to get FIS auth token
How to initialize firebase after android google login?
Create user in database after Firebase Auth (android)
Android Firebase Rest API Authentication
Firebase signInWithEmailAndPassword() 400() POST Error
Flutter Firebase Auth Password Reset
How do I access my Firebase Database via HTTP REST API?
Checking Firebase current signed-in user via Listener in iOS

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!